Monday, June 5, 2017

Create Azure Multi-Factor Auth Provider

Two-step verification is available by default for global administrators who have Azure Active Directory, and for Office 365 users.

An Azure Multi-Factor Authentication Provider is used to take advantage of features provided by the full version of Azure MFA. It is for users who do not have licenses through Azure MFA, Azure AD Premium, or EMS. Azure MFA, Azure AD Premium, and EMS include the full version of Azure MFA by default. If you have licenses, then you do not need an Azure Multi-Factor Authentication Provider.


Create a Multi-Factor Authentication Provider

Use the following steps to create an Azure Multi-Factor Auth Provider.
  1. Sign in to the Azure classic portal as an administrator.
  2. On the left, select Active Directory.
  3. On the Active Directory page, at the top, select Multi-Factor Authentication Providers.
  4. Click New at the bottom.
  5. Select Multi-Factor Auth Provider under App Services.
  6. Select Quick Create and provide the following details for MFA:
    1. Name – The name of the Multi-Factor Auth Provider.
    2. Usage Model – Choose one of two options:
      • Per Authentication – purchasing model that charges per authentication. Typically used for scenarios that use Azure Multi-Factor Authentication in a consumer-facing application.
      • Per Enabled User – purchasing model that charges per enabled user. Typically used for employee access to applications such as Office 365. Choose this option if you have some users that are already licensed for Azure MFA.
    3. Directory – The Azure Active Directory tenant that the Multi-Factor Authentication Provider is associated with. Be aware of the following:
      • You do not need an Azure AD directory to create a Multi-Factor Auth Provider. Leave the box blank if you are only planning to use the Azure Multi-Factor Authentication Server or SDK.
      • The Multi-Factor Auth Provider must be associated with an Azure AD directory to take advantage of the advanced features.
      • Azure AD Connect, AAD Sync, or DirSync are only a requirement if you are synchronizing your on-premises Active Directory environment with an Azure AD directory. If you only use an Azure AD directory that is not synchronized, then this is not required. 
  7. Once you click Create, the Multi-Factor Authentication Provider is created and you should see a message stating: Successfully created Multi-Factor Authentication Provider. Click Ok.
